Attribution of information influence operations is broken – this is how to fix it, suggests a new publication by NATO StratCom COE and Hybrid CoE

Digital platforms are vulnerable to manipulation: Since 2018, the big three platforms – Google/YouTube, Facebook, and Twitter – have announced over 350 takedowns of coordinated efforts at manipulation. Such takedowns usually involve attribution, a statement of blame towards the actors behind the information influence operation (IIO).

However, attribution of information influence operations is dysfunctional, claim James Pamment and Victoria Smith, the authors of a new study published by the NATO Strategic Communications Centre of Excellence and the European Centre of Excellence for Countering Hybrid Threats.

According to the study, a typical platform takedown makes a statement of attribution but rarely shares the evidence that led to that conclusion. Hence, the study aims to improve the ability of practitioners to collect and analyse evidence in support of the attribution process.

To this end, the authors offer an attribution framework consisting of the types of evidence available through different kinds of data.

Attribution can be based on four types of evidence:

  • Technical evidence (the observable traces that an adversary leaves behind at the level of digital signals)
  • Behavioural evidence (knowledge of the tools, techniques and procedures (TTPs) by which adversaries carry out their work) 
  • Contextual evidence (an assessment of the content and the socio-political context of the IIO and the motivations of the adversary) 
  • A legal & ethical assessment (as to whether assigning blame is proportionate, and whether it sets into motion considerations relating to e.g. political or commercial fallout, treaties or litigation)

The evidence may be derived from three kinds of data:

  • Open source (open-source information and intelligence, OSINT)
  • Proprietary source (based on privileged backend data sources such as those available to digital platforms, private intelligence and cyber security companies)
  • Classified source (based on secret information primarily held by governments and the military)

The study aims to improve understanding between actors about the benefits and weaknesses of the different types of information available to different actors, and to use this understanding to improve information-sharing within the IIO community (journalists, researchers, NGOs, companies, intergovernmental organizations, and governments).

According to the authors, the clearest areas of collaboration seem to be around behavioural, contextual, and legal-ethical assessments.

“If the holders of classified and proprietary technical and behavioural evidence want to present their attributions as the most apolitical and objective assessments possible, they need open-source researchers to get better at what they do. This is only possible with a firm commitment to information-sharing, transparency, and honesty,” the authors write.

You can download and read the study entitled Attributing Information Influence Operations: Identifying those Responsible for Malicious Behaviour Online on NATO StratCom COE’s website.

The work on attribution at Hybrid CoE is led and coordinated by the Community of Interest on Hybrid Influence. You can read more about its work on our website.
